Greetings! Please help me to find out if i do something wrong or it is a bug.
If variable has sensitive value for one of the environments(scopes) sometimes it is shown as ***** for others.
Variables on the screenshots below actually have sensitive value only for “production” environment.
Also, you may notice that same-scoped (develop21, develop16) value is shown differently depending on “Environment” input.
This is definitely not a frontend-side issue, cause i have the same results through the API.
Hi! Ok, little more explanation:
If you have SENSITIVE variable with content e.g. - “Content1234” and NOT SENSITIVE variable with THE SAME content - “Content1234”, NOT SENSITIVE variable is shown as HIDDEN.
Thank you kindly for following up and providing all this great information. I’m jumping in here for Donny over the holiday break.
I’ve been able to reproduce this behavior, where a sensitive and a non-sensitive variable with matching values will also mask the non-sensitive value in the variable preview. This is actually by design, and to try to prevent the value from showing up inadvertently in the logs or preview page, Octopus masks this value outright across the board. To avoid the possibility of bruteforcing these values, we’d suggest the approach of “don’t use passwords that are likely to occur in normal logging/language” (quoting this docs section).
I’m sorry for the confusion this has caused. Please let us know if you have any questions or concerns!